DNSstuff.com
Nov
2nd

Tip: Check those Apache log files

A problem that I’ve been asked to fix several times now is a slow Apache server. In several of these cases the slowness was caused by the size of the logs. Most servers are set up to rotate the logs, but every now and then things can go awry and the rotation stops. On a busy server you can find the logs growing over 500MB over the course of a couple of weeks. Once they get to this size it will generally start to slow Apache down as it has to open and write to that logfile.

I’ve seen logfiles that had grown to greater than 1GB and Apache really starts to strain at that point.

So… don’t forget to check the logs in /etc/httpd/logs (and /etc/httpd/domlogs if you have CPanel accounts). If the logfiles aren’t rotating then logrotate is your friend (and you should get acquainted with it right now).

Sep
13th

Don’t Forget To Do A Spring Clean On Your Server

Over time some of us tend to get a collection of scripts on our servers that we don’t use. It may be a script that you were testing, something you wanted to check out but didn’t use or an old script that was replaced with something else.

I had two incidents this week that related to old scripts. One was a phpBB2 forum. The owner had set this up some time ago (approx. 1 year) but it hadn’t really taken off. He had emailed me that he was continually receiving high cpu load email alerts from his server. When I checked, it was MySQL that was causing the high load. I then had a look with phpMyAdmin and saw that this phpBB database had over 240,000 records in the posts and topics tables and over 1 million records in the ‘words’ database. phpBB has a cron job that builds a database of words and phrases to improve search speed. Because there were so many posts this cron job was taking a long time to run and stressing the CPU a little. The posts were all from automated porn posting ‘bots’ that were just continually adding random pornography related posts. Given that the forum wasn’t getting any real use we simply removed it. It’s not the first time I’ve seen this issue though – forums are a target for automated posters of porn and general spam. If you have set up any forums in the past but didn’t get around to using them, now might be a good time to remove them – they may be causing unnecessary server load.

The second incident was a script that creates online forms. The whole thing was written in PHP and could create a form on-the-fly. The owner started to get hundreds of notifications from this form and didn’t know where the notifications were coming from. A quick text search on the server revealed a directory that had this form script in it. Additionally, there was no default page in that directory (i.e. index.php, index.html) and directory listing was turned on. What that means is that the list of files was there for anyone who discovered the directory. This is a common technique for hackers. If, for example, I know that by default a script that I can exploit is usually installed in /nastyscript/ I could easily set up a spider to check domains for that directory. So there are 3 tips in this instance:

  1. Remove your old scripts.
  2. Always have a default file or turn off directory indexing on your server.
  3. Don’t install to the standard directory for a script. In the example above it would have been better to install to something like /nastyscript_131/ or something similarly random.
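
One way to audit for tip 2, as an added example that is not part of the original post: the script lists every directory under a document root that has no default file and no `Options -Indexes` in a `.htaccess` at or above it. It assumes the server config has Indexes enabled and allows `.htaccess` to set Options; the function names and the three default filenames checked are this example's own choices.

```shell
#!/bin/sh
# Lists directories under a document root that would show a file listing:
# no index.php/index.html/index.htm, and no "Options -Indexes" in a
# .htaccess of the directory itself or of any parent up to the root.
# Assumption: Indexes is on server-wide and .htaccess may override Options.

indexes_disabled() {   # $1 = directory to test, $2 = document root
  dir=$1
  while :; do
    if [ -f "$dir/.htaccess" ] &&
       grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$dir/.htaccess"; then
      return 0
    fi
    # Stop at the document root (or the filesystem top as a safety net).
    case $dir in "$2"|/|.) return 1 ;; esac
    dir=$(dirname "$dir")
  done
}

listable_dirs() {      # $1 = document root, without a trailing slash
  find "$1" -type d | sort | while IFS= read -r d; do
    for f in index.php index.html index.htm; do
      [ -e "$d/$f" ] && continue 2   # default file present, nothing to list
    done
    indexes_disabled "$d" "$1" || echo "$d"
  done
}
```

Source the file and run `listable_dirs /path/to/docroot`; each path printed is a candidate for a default file, an `Options -Indexes` line, or removal.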

Sep
13th

WHM – Exclude specific accounts from backup

I had a situation recently where a hard drive filled up because of the daily/weekly/monthly backup. It was a 1 Terabyte drive in a server that was used for hosting so it was a bit unusual, given that there were only 30 or 40 hosting accounts on there. It turns out that there were some old accounts from an application that is no longer used. That particular application had a large amount of database (MySQL) data and when the CPanel account was compressed the size of the backup file was around 217GB. Multiply that by 3 for daily, weekly and monthly and you can see that it was using up an awful lot of hard drive space.

The customer wanted to keep the data for now, but it wasn’t important enough that it should be backed up. The solution is to go into the WHM backup configuration and scroll to the bottom and click on the ‘Select>>’ button. This allows you to de-select the accounts that you don’t want backed up. Alternatively, if you are a bit of a unix head or want to disable backup of accounts with your own script, all you need to do is add the accounts that you don’t want backed up to /etc/cpbackup-userskip.conf. Just add the account username, one per line.

Apr
26th

Is Your MX Record Configured Correctly?

With the never ending fight against unsolicited email, more and more ISPs and businesses are including an MX check as part of their spam ‘scoring’ method. It’s important that you have your MX record configured correctly so that you don’t lose points due to misconfiguration.

Before we get into that, MX stands for Mail eXchanger. It tells the rest of the world which mail server will be responsible for any mail that should be delivered to your domain. So, as far as importance goes, the MX is right up there!

Basically, there are two golden rules.

1. Your MX IP number should resolve to the MX hostname.

2. Your MX DNS record should be an ‘A’ record.

So... how do you check that it’s right? I usually use DNSStuff.com (the banner at the top of the main page) as it does several additional checks, but let’s look at how we would do this the old fashioned way. The first step (and we’ll use dedicatedserverdoc.com as the example) is to find out what the MX host is for your domain. This is easy enough from the unix command line. We’ll just use the ‘dig’ command:

dig dedicatedserverdoc.com mx

The answer I get is mail.optintrust.org. The next step is to look up the IP for that host and then look up the host for the IP:

nslookup mail.optintrust.org

The IP number is 72.36.158.194. So next we look up the IP number:

nslookup 72.36.158.194

The answer we get is:

Non-authoritative answer:
194.158.36.72.in-addr.arpa name = mail.optintrust.org

That’s what we want to see … 72.36.158.194 = mail.optintrust.org = 72.36.158.194. But what if you find that when you look up the IP it says something like 194.158.36.72.reverse.somehost.com? All you should need to do is contact your host and politely ask them to create a reverse DNS entry for your IP number. It should go something like this:

Dear Host, Could you please create a reverse DNS entry for my IP which is 72.36.158.194. I would like the hostname for that IP to point to my mail server – mail.optintrust.org.

You need to tell them your main IP number for your server AND the hostname you would like that IP number to point to.

The second golden rule is that your MX should be an ‘A’ record. Quite often I find that customers have set up their own DNS and their MX is a CNAME (i.e. an alias). There is a specific RFC (i.e. da rules) which states that an MX must be an ‘A’ record.
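
Both golden rules can be checked in one pass. The script below is an added example, not part of the original post: it walks MX host → IP → reverse name for every MX of a domain and flags an MX target that is a CNAME. `check_mx` and `fake_dig` are names made up here; `fake_dig` returns constructed answers (the first domain reuses the values above, `example.test` and `alias.test` are invented failures) so the check can be run without network access.

```shell
#!/bin/sh
# Checks both golden rules for every MX host of a domain:
#   1. MX host -> A record -> PTR leads back to the same hostname
#   2. the MX target is not a CNAME
# Uses the real dig unless DIG names a stub such as fake_dig below.

# Constructed sample answers, not live DNS. The first domain reuses the
# values from the post; example.test and alias.test are made-up failures.
fake_dig() {
  case "$*" in
    "+short dedicatedserverdoc.com MX") echo "10 mail.optintrust.org." ;;
    "+short mail.optintrust.org A")     echo "72.36.158.194" ;;
    "+short -x 72.36.158.194")          echo "mail.optintrust.org." ;;
    "+short example.test MX")           echo "10 mx.example.test." ;;
    "+short mx.example.test A")         echo "192.0.2.10" ;;
    "+short -x 192.0.2.10")             echo "10.2.0.192.reverse.somehost.com." ;;
    "+short alias.test MX")             echo "10 mail.alias.test." ;;
    "+short mail.alias.test CNAME")     echo "host.alias.test." ;;
  esac
}

check_mx() {   # $1 = domain; prints one line per finding, returns 1 on any FAIL
  domain=$1
  status=0
  mx_hosts=$(${DIG:-dig} +short "$domain" MX | awk '{print $2}')
  [ -n "$mx_hosts" ] || { echo "FAIL $domain: no MX record"; return 1; }
  for host in $mx_hosts; do
    # DNS names are case-insensitive; drop the trailing dot before comparing.
    host=$(printf '%s' "${host%.}" | tr 'A-Z' 'a-z')
    if [ -n "$(${DIG:-dig} +short "$host" CNAME)" ]; then
      echo "FAIL $host: MX target is a CNAME"; status=1; continue
    fi
    ips=$(${DIG:-dig} +short "$host" A)
    [ -n "$ips" ] || { echo "FAIL $host: no A record"; status=1; continue; }
    for ip in $ips; do
      ptr=$(${DIG:-dig} +short -x "$ip" | head -n 1 | tr 'A-Z' 'a-z')
      ptr=${ptr%.}
      if [ "$ptr" = "$host" ]; then
        echo "OK   $host -> $ip -> $ptr"
      else
        echo "FAIL $host -> $ip -> ${ptr:-no PTR}"; status=1
      fi
    done
  done
  return $status
}
```

Source the file and run `check_mx yourdomain.com` against live DNS, or set `DIG=fake_dig` first to see the three constructed cases.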

Feb
29th

CPanel Step By Step Tutorials

I went looking around a while back for some CPanel tutorials that I could recommend. The best I found were the videos at DiscoverCPanel.com.

I’ve said many times that I think CPanel is by far the best website control panel, but like most things IT related, it does have a fairly steep learning curve if you’ve never used it before. Discover CPanel provides 3 free videos, so you can get a good look at what’s on offer without paying a cent. Then, if you find that the videos are useful you have the option of purchasing the full set. So, if you’re a bit of a CPanel newbie, give them a try.